<?php


if(!defined('IN_DISCUZ')) {
	exit('Access Denied');
}
if($_GET['action'] =='ckeck'){
	dsetcookie('token_sms_code','');
	$members = array();
	if($_G['uid']){
		$mobile = $_G['member']['bindmobile'];
		//手机号部分隐藏处理
		if($mobile){
			$mobile = smscode_mobile_hide($mobile);
		}
	}
	include template('common/smscode_check');
	
}elseif($_GET['action'] =='ckecksubmit'){
	
	if(submitcheck('smscodechecksubmit')) {
		//短信验证码showWindow数据提交校验
		if(!$_G['uid']){
			showmessage('to_login');
		}
		
		if(!$_G['member']['bindmobile']){
			showmessage('smscode_noverify');
		}
		$_G['smscode_dreferer'] = $_GET['dreferer'];
		if($_G['smscode_dreferer']) $_G['smscode_dreferer'] = urldecode($_G['smscode_dreferer']);
		if(!$_G['smscode_dreferer']) $_G['smscode_dreferer'] = dreferer();
		
		if(!$_POST['smscode']){
			showmessage('smscode_cpfieldnull', '', array(), array('return' => true));
		}
		if(smscode('check',$_GET['modules'],$_G['member']['bindmobile'],$_POST['smscode'])){
			if($_G['smscode_dreferer']){
				showmessage('smscode_showcheck_succeed',$_G['smscode_dreferer']);
			}else{
				showmessage('smscode_showcheck_succeed', '', array(), array('extrajs' => '<script type="text/javascript" reload="1">window.location.href = window.location.href;hideWindow(\'smscodecheck\')</script>'));
			}
		}else{
			showmessage('smscode_checkerror', '', array(), array('return' => true));
		}
		
	}else{
		showmessage('smscode_error_98');
	}
	
	
}elseif($_GET['action'] =='seccodeimgage'){
	
	$refererhost = parse_url($_SERVER['HTTP_REFERER']);
	$refererhost['host'] .= !empty($refererhost['port']) ? (':'.$refererhost['port']) : '';
	if($_G['setting']['seccodedata']['type'] < 2 && ($refererhost['host'] != $_SERVER['HTTP_HOST']) || $_G['setting']['seccodedata']['type'] == 2 && !extension_loaded('ming') && $_POST['fromFlash'] != 1 || $_G['setting']['seccodedata']['type'] == 3 && $_GET['fromFlash'] != 1) {
		exit('Access Denied');
	}
	$seccode = random(6,1);
	$s = sprintf('%04s', base_convert($seccode, 10, 24));
	$seccodeunits = 'BCEFGHJKMPQRTVWXY2346789';
	if($seccodeunits) {
		$seccode = '';
		for($i = 0; $i < 4; $i++) {
			$unit = ord($s{$i});
			$seccode .= ($unit >= 0x30 && $unit <= 0x39) ? $seccodeunits[$unit - 0x30] : $seccodeunits[$unit - 0x57];
		}
	}
	
	$ssid = C::t('common_seccheck')->insert(array(
		'dateline' => TIMESTAMP,
		'code' => $seccode,
		'succeed' => 0,
		'verified' => 0,
	), true);
	
	dsetcookie('token_sms_code',slimtoken('ENCODE','smsseccode_new', $ssid),86400);

	dsetcookie('cccode',$seccode.'--'.$ssid);
	
	if(!$_G['setting']['nocacheheaders']) {
		@header("Expires: -1");
		@header("Cache-Control: no-store, private, post-check=0, pre-check=0, max-age=0", FALSE);
		@header("Pragma: no-cache");
	}

	require_once libfile('class/seccode');
	$code = new seccode();
	$code->code = $seccode;
	$code->type = 0;
	$code->width = $_G['setting']['seccodedata']['width'];
	$code->height = $_G['setting']['seccodedata']['height'];
	$code->background = $_G['setting']['seccodedata']['background'];
	$code->adulterate = $_G['setting']['seccodedata']['adulterate'];
	$code->ttf = $_G['setting']['seccodedata']['ttf'];
	$code->angle = $_G['setting']['seccodedata']['angle'];
	$code->warping = $_G['setting']['seccodedata']['warping'];
	$code->scatter = $_G['setting']['seccodedata']['scatter'];
	$code->color = $_G['setting']['seccodedata']['color'];
	$code->size = $_G['setting']['seccodedata']['size'];
	$code->shadow = $_G['setting']['seccodedata']['shadow'];
	$code->animator = $_G['setting']['seccodedata']['animator'];
	$code->fontpath = DISCUZ_ROOT.'./static/image/seccode/font/';
	$code->datapath = DISCUZ_ROOT.'./static/image/seccode/';
	$code->includepath = DISCUZ_ROOT.'./source/class/';

	$code->display();
	
	
}elseif($_GET['action'] =='seccodecheck'){
	
	$token = slimtoken('DECODE','smsseccode_new', getcookie('token_sms_code'));
	if($token = intval($token)) {
		$seccheck = C::t('common_seccheck')->fetch($token);
	}
	$secverify = strtoupper($_GET['secverify']);
	if($secverify && $seccheck && $secverify == strtoupper($seccheck['code'])){
		dsetcookie('token_sms_code',slimtoken('ENCODE','smsseccode', array($seccheck['ssid'],$secverify)),86400);
		echo '1';
	}else{
		dsetcookie('token_sms_code','');
		echo '0';
	}
	exit;
}else{
	if(!smscode_seccodecheck()){
		smscode_showmessage_json(array('status'=>0,'error'=>994,'showmessage'=>lang('message','smscode_seccodeerror')));
	}
	$return = array();
	$mobile = $_POST['mobile'];
	$modules = intval($_POST['modules']);
	
	if(($mobile =='USER' || $_GET['ac'] =='editmobile') && $_G['uid']){
		if($_GET['ac'] =='editmobile' && $_G['member']['bindmobile'] == $mobile){
			smscode_showmessage_json(array('status'=>0,'error'=>9999,'showmessage'=>lang('message','smscode_mobilesame')));
		
		}elseif($mobile =='USER'){
			$mobile = $_G['member']['bindmobile'];
		}
	}
	if(!$mobile){
		smscode_showmessage_json(array('status'=>0,'error'=>993,'showmessage'=>lang('message','smscode_error_3')));
	}

	if($modules == 1){//注册帐号判断号码是否有绑定用户
		$uid = smscode('uidstatus',1,$mobile);
		if($uid){
			smscode_showmessage_json(array('status'=>0,'error'=>97,'showmessage'=>lang('message','smscode_error_97')));
		}
	}elseif(!in_array($modules,array(1,2,4)) && !$_G['uid']){
		smscode_showmessage_json(array('status'=>0,'error'=>96,'showmessage'=>lang('message','smscode_error_96')));
	}
	
	
	$return = smscode('send',$_POST['modules'],$mobile,1);
	
	smscode_showmessage_json($return);
	
}

function smscode_seccodecheck(){
	$token = getcookie('token_sms_code');
	$token = slimtoken('DECODE','smsseccode',$token);
	if(!$token || !$token['0'] || !$token['1']){
		return false;
	}
	if($token['0']) {
		$seccheck = C::t('common_seccheck')->fetch($token['0']);
	}
	$token['1'] = strtoupper($token['1']);
	if($token['1'] && $seccheck && $token['1'] == strtoupper($seccheck['code'])){
		if(TIMESTAMP - $seccheck['dateline'] > 600 || $seccheck['verified'] > 4) {
			C::t('common_seccheck')->delete_expiration($seccheck['ssid']);
			return false;
		}
		C::t('common_seccheck')->update_succeed($seccheck['ssid']);
		return true;
	}
	C::t('common_seccheck')->update_verified($seccheck['ssid']);
	return false;
}

function smscode_showmessage_json($return){
	if($return['showmessage']){
		if(CHARSET =='gbk'){
			$return['showmessage'] = diconv($return['showmessage'],CHARSET,'utf-8');
		}
	}
	header("Content-type: application/json");
	echo json_encode($return);
	exit;
}
?>